Uniswap LPs Lose Over $8M in a Major Phishing Attack

Uniswap Loses Over $8M in a Major Phishing Attack
Table of Contents

Prominent cryptocurrency exchange, Uniswap, along with its community suffered a severe blow as liquidity providers (LPs) of the Uniswap v3 protocol reeled under a major phishing attack resulting in a loss of over $8.1 million worth of Ether.

Phishing attacks have grown exponentially with the burgeoning crypto industry. Scammers are increasingly masquerading as notable companies or reputable people to siphon millions of dollars. In 2021 alone, cybercriminals stole a mammoth $14 billion in crypto which is almost twice the amount heisted in 2000. In February 2022, non-fungible token (NFT) marketplace, OpenSea users, were looted off nearly $1.7 million worth of NFTs.

How did the Attack Happen?

On July 11, Metamask security researcher, Harry Denley, warned users on Twitter that 73,399 addresses were sent a malicious ERC-20 tokens to steal their assets. The attack was altered by the scammers to make it seem as though Uniswap was airdropping tokens to platform liquidity providers. The total losses currently stand at $8.1 million, though that figure might be much higher as more information arrives.

Going further, when the users connected their wallets to the contract’s website, which resembled Uniswap, native tokens (ETH), ERC20 tokens, and NFTs (namely Uniswap LP positions) were hijacked from their wallets.

Popular crypto Twitter user ‘0xSisyphus’, also stated that a “large LP” with around 16,140 ETH, worth $17.5 million, may have also been phished. Uniswap CEO, Hayden Adams, confirmed the phishing attack noting that it is totally separate from the protocol. He tweeted,

“This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions. A good reminder to protect yourself from phishing and not click on malicious links.”

A Raucous Phase for Uniswap

Binance’s CEO, Changpeng Zhao, caused a disturbance in the crypto markets when he first signalled about the attack, calling it a “potential exploit” of the Uniswap protocol on the ETH blockchain. However, soon after, Zhao, clarified that the attack was part of a phishing attack rather than any issue with the protocol.

According to a Reddit post, the stolen funds were being laundered through mixing service Tornado Cash. Another Twitter user who goes by the name ‘Mel’, urged users not to interact with airdropped tokens from any unknown origin. Mel wrote,

“Please be aware that there is currently a Phishing scam happening that targets Uniswap V3 LP’s. It does not look like a Uniswap protocol hack.”


Follow us on Social Networks

Crypto Tutorials

Crypto Reviews